Province Carts - Header Navigation

Free delivery on orders over $200 • Same-day delivery available

0 Cart
Privacy Policy - Province Carts

Privacy Policy

Your privacy matters. This policy explains what we collect, why we collect it, how we use and share it, and the choices you have.

Last updated: August 10, 2025

1 Who We Are & Scope

Controller / Business: Province Carts ("we," "us," "our")

Website: https://provincecarts.com

Contact (privacy): privacy@provincecarts.com • 1420 Market Street, Denver, CO 80202

This policy covers personal information we handle when you browse our site, create an account, place orders, receive deliveries, contact support, or subscribe to marketing.

Age-restricted services: We sell age-restricted products. We verify age/identity at checkout and at delivery. We do not knowingly collect data from minors.

Back to Top

13 International Transfers

Your data may be stored and processed in the United States and other countries where our providers operate. When we transfer data internationally, we use lawful transfer mechanisms and safeguards.

Back to Top

14 Changes to This Policy

We may update this policy to reflect changes to our practices or legal requirements. If we make material changes, we'll notify you (e.g., by email or site notice) and update the "Last updated" date.

Back to Top

15 Contact Us

Questions about this policy or your data? Contact us using the information below:

Privacy Questions or Concerns?

We're here to help with any privacy-related questions or requests.

Email

privacy@provincecarts.com

Mail

Province Carts Privacy Office
1420 Market Street
Denver, CO 80202

Web Form

Privacy Request Form
Back to Top
Back to Top

2 What We Collect

We collect information directly from you, automatically from your device, and from trusted third parties (e.g., payment processors, age-verification providers, and couriers).

Information you provide

  • Account & contact data: name, email, phone, billing/shipping address.
  • Age & identity data (KYC): date of birth; in some cases, government ID images/number for verification, plus a liveness/selfie check where required by law or our fraud policy.
  • Order & delivery data: items purchased, order notes, delivery window, access instructions, proof of delivery (signature, initials).
  • Communications: messages to support, reviews/UGC, survey responses, marketing opt-ins.

Information collected automatically

  • Device & usage data: IP address, approximate location (city/region), device type, browser, pages viewed, time on site, referral source, clickstream.
  • Cookies/SDKs: identifiers for session management, security, fraud prevention, preferences, analytics, and advertising/measurement (see Cookies below).

Information from third parties

  • Payment processors: payment authorization results, fraud signals (we do not store full card numbers).
  • Age-verification providers: pass/fail status and limited match metadata (and, if you upload ID, the verification result).
  • Couriers/delivery partners: delivery status, timestamps, and adult-signature confirmation.
  • Partners & platforms (optional): if you opt in (e.g., SMS marketing), we receive consent status and engagement metrics.

Sensitive data: We avoid collecting sensitive data unless strictly necessary for age verification, fraud prevention, or legal compliance. When collected, processing is limited and access-controlled.

Back to Top

3 Why We Use Your Information (Purposes & Legal Bases)

  • To provide the service — create accounts, process orders, arrange delivery/pickup, handle payments, and provide customer support.
  • To verify age and prevent fraud — confirm legal eligibility, protect accounts, and reduce chargebacks/abuse.
  • To comply with laws — taxation, record-keeping, product/age restrictions, and lawful requests.
  • To improve our site and products — analytics, debugging, quality assurance, and feedback.
  • To communicate with you — order updates, service notices, responses to inquiries.
  • With your consent — marketing by email/SMS/push; placing or reading non-essential cookies; storing ID images when not legally required.

If you are in the EEA/UK, our legal bases include Contract, Legal Obligation, Legitimate Interests (security, fraud prevention, service improvement), and Consent (where required by law).

Back to Top

4 Cookies & Similar Technologies

We use cookies and similar technologies for:

  • Strictly Necessary: security, session management, checkout, consent storage.
  • Performance/Analytics: traffic measurement and diagnostics.
  • Functional: remembering preferences (e.g., service area).
  • Advertising/Measurement (optional): reach/attribution, only where permitted.

Your choices: Use our Cookie Preferences link to accept/decline non-essential cookies. Most browsers let you block or delete cookies. We honor Global Privacy Control (GPC) where required. "Do Not Track" is not standardized; we treat it as a preference only.

Back to Top

5 How We Share Information

We do not sell your personal information. We share it as needed to run our business:

  • Service providers/processors: hosting, security, analytics, email/SMS, customer support.
  • Payment processors & banks: to process payments and prevent fraud.
  • Age/KYC vendors: to verify legal age/identity.
  • Delivery partners: to deliver orders and confirm adult signature.
  • Compliance & legal: to comply with laws, enforce policies, or respond to lawful requests.
  • Business transfers: as part of a merger, acquisition, or asset sale (with notice where required).

Where we engage processors, they are bound by contracts limiting their use of your data to our instructions.

Back to Top

6 Retention

We keep data only as long as necessary for the purposes above and to meet legal, tax, and compliance requirements.

Typical retention periods:

  • Account & order records: 7 years (tax/compliance).
  • Age-verification results: 3 years; ID images kept only as long as needed to verify, then deleted within 30 days, unless law requires longer.
  • Marketing consents & logs: 4 years (audit).
  • Support tickets: 2 years.
  • Analytics data: 24 months (aggregated thereafter).

When retention ends, we delete or anonymize data.

Back to Top

7 Your Rights & Choices

Depending on your location, you may have the right to access, correct, delete, or port your data, and to object to or restrict certain processing. You can also withdraw consent at any time (this won't affect prior processing).

How to exercise rights: Submit a request at our Privacy Request Form or email privacy@provincecarts.com. We'll verify your identity before acting. You may designate an authorized agent where permitted by law.

Marketing choices: You can opt out via the link in emails, by replying STOP to SMS, or in My Account → Notifications.

Cookies: Adjust preferences via Cookie Preferences or your browser settings.

Back to Top

8 California & US State Disclosures

We do not sell personal information for money. We may "share" (as defined by CPRA) limited data for cross-context behavioral advertising only with your consent.

You can opt out of "selling"/"sharing" via Do Not Sell or Share My Personal Information and through GPC signals.

Categories collected (identifiers, commercial info, internet activity, geolocation at city/region resolution, inferences for fraud risk) and the purposes/sharing are described above.

Sensitive data (e.g., government ID for KYC) is used only for legal obligations, security, and fraud prevention; we do not use it for inferring characteristics.

Non-discrimination: We won't discriminate against you for exercising privacy rights, though some features (e.g., delivery) require certain data.

Back to Top

9 EEA/UK GDPR Notices

Controller: Province Carts.

Data Protection Contact: privacy@provincecarts.com.

EU/UK Representative: DataRep EU Services.

Transfers: We may transfer data outside the EEA/UK using lawful safeguards (e.g., Standard Contractual Clauses).

Complaints: You may lodge a complaint with your local supervisory authority.

Back to Top

10 Canada & Other Regions

We collect, use, and disclose personal information with your consent or as otherwise permitted by law.

You may access/correct your information by contacting us.

Cross-border transfers may occur; we use contractual safeguards.

Back to Top

11 Security

We use reasonable administrative, technical, and physical safeguards to protect personal information: encrypted transport (HTTPS), restricted access, authentication, logging, and regular updates. No method is 100% secure; please use a strong, unique password and keep your account details confidential.

Security Best Practices

  • Use a unique, strong password for your Province Carts account
  • Never share your login credentials with others
  • Log out when using shared devices
  • Keep your contact information up to date
  • Be vigilant against phishing attempts
Back to Top

12 Children

Our services are not directed to minors. We do not knowingly collect personal information from anyone under the legal age. If you believe a minor has provided data, contact us and we will delete it.

Province Carts - Footer